Methods, apparatuses, computer programs and carriers for security management before handover from 5G to 4G system

ABSTRACT

A key management is provided that enables security activation before handing over a user equipment from a source 5G wireless communication system, i.e., a Next Generation System (NGS), to a target 4G wireless communication system, i.e., a Evolved Packet System (EPS)/Long Term Evolution (LTE). The key management achieves backward security, i.e., prevents the target 4G wireless communication system from getting knowledge of 5G security information used in the source 5G wireless communication system.

CROSS REFERENCE TO RELATED APPLICATION(S)

This application is a 35 U.S.C. § 371 National Stage of InternationalPatent Application No. PCT/EP2017/081687, filed Dec. 6, 2017,designating the United States and claiming priority to U.S. provisionalapplication No. 62/451,860, filed on Jan. 30, 2017. The above identifiedapplications are incorporated by reference.

TECHNICAL FIELD

The present embodiments generally relate to security management, and inparticular to key management in connection with handover betweendifferent generations of wireless communication systems.

BACKGROUND

It may be useful to start with a very brief overview of the UniversalMobile Telecommunications System (UMTS) architecture, sometimes alsoreferred to as 3G, and the Long Term Evolution (LTE) architecture alsoreferred to as 4G.

To start with, the Radio Access Network (RAN) part of the architecturesdiffers in that Universal Terrestrial Radio Access Network (UTRAN) isthe 3G UMTS RAN and Evolved UTRAN (E-UTRAN) is the LTE RAN. UTRANsupports both circuit switched and packet switched services whileE-UTRAN only supports packet switched services.

The UTRAN air interface is Wideband Code Division Multiple Access(WCDMA) based on spread spectrum modulation technology while E-UTRANemploys a multi-carrier modulation scheme called Orthogonal FrequencyDivision Multiple Access (OFDMA). High Speed Packet Access (HSPA) is aset of protocols that extend and improve the performance of existing 3GUMTS networks using the WCDMA protocol.

In 3G UMTS, the RAN is based on two types of nodes: the access node orbase station, called NodeB, and the Radio Network Controller (RNC). TheRNC is the node controlling the RAN, and it also connects the RAN to theCore Network (CN).

FIG. 1 is a schematic diagram illustrating a simplified overview of thecore network for UMTS. The core network for UMTS includes:

-   -   the Circuit-Switched (CS) domain with the Mobile Switching        Center (MSC) for connection to the Public Switched Telephone        Network (PSTN); and    -   the Packet-Switched (PS) domain with the Serving GPRS Support        Node (SGSN) for connection to the RAN, and the Gateway GPRS        Support Node (GGSN) for connection to external networks, such as        the Internet.

Common for the two domains is the Home Location Register (HLR), adatabase in the home operator's network that keeps track of thesubscribers of the operator.

A key design philosophy of the LTE RAN is to use only one type of node,the evolved Node B, also referred to as eNodeB or eNB. A key concept ofthe LTE CN is to be independent of the radio access technology to theextent possible. The LTE RAN functions usually involve:

-   -   Coding, interleaving, modulation and other typical physical        layer functions;    -   Automatic Repeat reQuest (ARQ) header compression and other        typical link layer functions;    -   User Plane (UP) security functions, e.g., ciphering, and RAN        signaling security, e.g., ciphering and integrity protection of        RAN originated signaling to the User Equipment (UE); and    -   Radio Resource Management (RRM), handover, and other typical        radio resource control functions.

The LTE CN functions usually involve:

-   -   Non-Access Stratum (NAS) security functions, e.g., ciphering and        integrity protection of CN signaling to the UE;    -   Subscriber management;    -   Mobility management;    -   Bearer management and Quality of Service (QoS) handling;    -   Policy control and user data flows; and    -   Interconnection to external networks.

The evolution and standardization of the LTE CN was called the SystemArchitecture Evolution (SAE) and the core network defined in SAE differsradically from the older generation core network and was therefore namedthe Evolved Packet Core (EPC).

FIG. 2 is a schematic diagram illustrating a simplified overview of theEPC architecture. The basic nodes of the EPC include:

-   -   the Mobility Management Entity (MME), which is the control plane        node of the EPC;    -   the Serving Gateway (SG), which is the user plane node        connecting the EPC to the LTE RAN; and    -   the Packet Data Network (PDN) Gateway, which is the user plane        node connecting the EPC to the Internet.

The MME is normally also connected to a Home Subscriber Server (HSS),which is a database node corresponding to the HLR.

The Serving Gateway and the PDN Gateway may be configured as a singleentity.

Sometimes the EPC together with the LTE RAN is denoted Evolved PacketSystem (EPS).

Currently, the future generation of wireless communications, commonlyreferred to as Next Generation (NextGen or NG), Next Generation System(NGS) or 5G, is being developed all over the world, although no common5G standard has yet been set.

The vision of Next Generation wireless communications lies in providingvery high data rates, extremely low latency, manifold increase in basestation capacity, and significant improvements of user perceived QoS,compared to current 4G LTE networks.

3GPP SA2 has agreed on the non-roaming architecture in 3GPP TR 23.799V14.0.0, which is illustrated in FIG. 3 .

The Access and Mobility management Function (AMF), sometimes referred toas the Mobility Management Function (MMF), Core Network MobilityManagement (CN-MM) or simply Mobility Management (MM), is the corenetwork node that supports mobility management and is, thus, playing asimilar role to the MME in EPC. AMF has a so-called NG2 interface to RANthat corresponds to the so-called S1 interface between MME and RAN inEPC.

Handover between 3G and 4G wireless communications systems, i.e.,between UMTS and EPS/LTE or between UTRAN and E-UTRAN, is todaysupported in legacy 3GPP systems. In such interworking handover, NAS andAccess Stratum (AS) security are activated before the handover can takeplace. Accordingly, the source wireless communication system in thehandover sends a key set to the target wireless communication system inthe handover.

In the case of handover from 3G to 4G, i.e., from UMTS or UTRAN toEPS/LTE or E-UTRAN, confidentiality and integrity keys used in thesource UMTS system are transferred to the target EPS/LTE system, wherethey are used to derive NAS and AS keys. The target EPS/LTE systemthereby has knowledge of the confidentiality and integrity keys used inthe source UMTS system. Accordingly, there is no backward security.

In handover from 4G to 3G, i.e., from EPS/LTE or E-UTRAN to UMTS orUTRAN, the security keys used in the source EPS/LTE system are nottransferred to the target UMTS system. In clear contrast, newconfidentiality and integrity keys are generated and sent to the targetUMTS system. This generation of new confidentiality and integrity keysprovide 1 hop backward security.

There are currently development of the signaling involved in handoverfrom the NGS to the EPS/LTE. In this context, the mobility managemententity of the NGS, i.e., the AMF, should send security parameters to thecorresponding mobility management entity of the EPS/LTE, i.e., the MME.In order to minimize impact on existing nodes, the target MME interpretsthe received signaling message from the source AMF as sent from a legacyMME. This means that the source AMF needs to act accordingly and providethe necessary security parameters in a similar manner to how this isdone between MMEs in the EPC.

However, there is currently no efficient solution of achieving securityin handover interworking from NGS to EPS/LTE. NAS and AS security shouldbe activated before the handover from NGS to EPS/LTE can take place.Consequently, the source NGS needs, according to the prior art, to sendthe required security parameters to the target EPS/LTE during handover.However, such an approach does not achieve any backward security.

SUMMARY

It is a general objective to enable security in connection with handoverof a user equipment from a source wireless communication system to atarget wireless communication system of different generations.

This and other objectives are met by embodiments as disclosed herein.

An aspect of the embodiments relates to a key management method inconnection with handover of a user equipment from a source wirelesscommunication system to a target wireless communication system. Themethod comprises deriving a first 4G-master key based on a 5G keyavailable at a core network of a source 5G wireless communication systemand a 5G-freshness parameter. The method also comprises forwarding thefirst 4G-master key to a core network of a target 4G wirelesscommunication system for enabling deriving a second 4G-master key basedon the first 4G-master key and a 4G-freshness parameter. The methodfurther comprises forwarding the 5G-freshness parameter to the userequipment for enabling deriving the first 4G-master key based on the 5Gkey and the 5G-freshness parameter and deriving the second 4G-master keybased on the first 4G-master key and the 4G-freshness parameter.

Another aspect of the embodiments relates to a key management method inconnection with handover of a user equipment from a source wirelesscommunication system to a target wireless communication system. Themethod comprises receiving, at a core network of a target 4G wirelesscommunication system and from a core network of a source 5G wirelesscommunication system, a first 4G-master key derived based on i) a 5G keyavailable at the core network of the source 5G wireless communicationsystem and the user equipment, and ii) a 5G-freshness parameter. Themethod also comprises deriving a second 4G-master key based on the first4G-master key and a 4G-freshness parameter.

A further aspect of the embodiments relates to a key management methodin connection with handover of a user equipment from a source wirelesscommunication system to a target wireless communication system. Themethod comprises deriving a first 4G-master key based on a 5G keyavailable at the user equipment and a core network of a source 5Gwireless communication system and a 5G-freshness parameter originatingfrom the core network of the source 5G wireless communication system.The method also comprises deriving a second 4G-master key based on thefirst 4G-master key and a 4G-freshness parameter available at a corenetwork of a target 4G wireless communication system.

An aspect of the embodiments relates to a key management arrangementconfigured to derive a first 4G-master key based on i) a 5G keyavailable at a core network of a source 5G wireless communication systemand a user equipment to be handed over from the source 5G wirelesscommunication system to a target 4G wireless communication system, andii) a 5G-freshness parameter. The key management arrangement is alsoconfigured to forward the first 4G-master key to a core network of thetarget 4G wireless communication system for enabling deriving a second4G-master key based on the first 4G-master key and a 4G-freshnessparameter. The key management arrangement is further configured toforward the 5G-freshness parameter to the user equipment for enablingderiving the first 4G-master key based on the 5G key and the5G-freshness parameter and deriving the second 4G-master key based onthe first 4G-master key and the 4G-freshness parameter.

Another aspect of the embodiments relates to a key managementarrangement configured to receive, from a core network of a source 5Gwireless communication system, a first 4G-master key derived based on i)a 5G key available at the core network of the source 5G wirelesscommunication system and a user equipment to be handed over from thesource 5G wireless communication system to a target 4G wirelesscommunication system, and ii) a 5G-freshness parameter. The keymanagement arrangement is also configured to derive a second 4G-masterkey based on the first 4G-master key and a 4G-freshness parameter.

A further aspect of the embodiments relates to a key managementarrangement configured to derive a first 4G-master key based on i) a 5Gkey available at a user equipment to be handed over from a source 5Gwireless communication system to a target 4G wireless communicationsystem and a core network of the source 5G wireless communicationsystem, and ii) a 5G-freshness parameter originating from the corenetwork of the source 5G wireless communication system. The keymanagement arrangement is also configured to derive a second 4G-masterkey based on the first 4G-master key and a 4G-freshness parameteravailable at a core network of the target 4G wireless communicationsystem.

An aspect of the embodiments relates to a computer program comprisinginstructions, which when executed by at least one processor, cause theat least one processor to derive a first 4G-master key based on i) a 5Gkey available at a core network of a source 5G wireless communicationsystem and a user equipment to be handed over from the source 5Gwireless communication system to a target 4G wireless communicationsystem, and ii) a 5G-freshness parameter.

Another aspect of the embodiments relates to a computer programcomprising instructions, which when executed by at least one processor,cause the at least one processor to derive a second 4G-master key basedon a 4G-freshness parameter and a first 4G-master key originating from acore network of a source 5G wireless communication system and derivedbased on a i) 5G key available at the core network of the source 5Gwireless communication system and a user equipment to be handed overfrom the source 5G wireless communication system to a target 4G wirelesscommunication system, and ii) a 5G-freshness parameter.

A further aspect of the embodiments relates to a computer programcomprising instructions, which when executed by at least one processor,cause the at least one processor to derive a first 4G-master key basedon i) a 5G key available at a user equipment to be handed over from asource 5G wireless communication system to a target 4G wirelesscommunication system and a core network of the source 5G wirelesscommunication system, and ii) a 5G-freshness parameter originating fromthe core network of the source 5G wireless communication system. The atleast one processor is also caused to derive a second 4G-master keybased on the first 4G-master key and a 4G-freshness parameter availableat a core network of the target 4G wireless communication system.

A related aspect of the embodiments defines a carrier comprising acomputer program according to above. The carrier is one of an electronicsignal, an optical signal, an electromagnetic signal, a magnetic signal,an electric signal, a radio signal, a microwave signal, or acomputer-readable storage medium.

A key management is provided that enables security activation beforehanding over a user equipment from a source 5G wireless communicationsystem, e.g., NGS, to a target 4G wireless communication system, e.g.,EPS/LTE. The key management achieves backward security, i.e., preventsthe target 4G wireless communication system from getting knowledge of 5Gsecurity information used in the source 5G wireless communicationsystem.

BRIEF DESCRIPTION OF THE DRAWINGS

The embodiments, together with further objects and advantages thereof,may best be understood by making reference to the following descriptiontaken together with the accompanying drawings, in which:

FIG. 1 is a schematic diagram illustrating a simplified overview of thecore network for UMTS;

FIG. 2 is a schematic diagram illustrating a simplified overview of theEPC architecture;

FIG. 3 is a schematic diagram illustrating the non-roaming architectureof NGS;

FIG. 4 is a schematic diagram illustrating the EPS/LTE key hierarchy;

FIG. 5 is a schematic diagram illustrating the NGS key hierarchy;

FIG. 6 illustrates the signaling flow during handover from UMTS toEPS/LTE;

FIG. 7 illustrates the signaling flow during handover from EPS/LTE toUMTS;

FIG. 8 illustrates the signaling flow during handover from NGS toEPS/LTE;

FIG. 9 illustrates the signaling flow during handover from NGS toEPS/LTE including key management operations according to an embodiment;

FIG. 10 illustrates the signaling flow during handover from NGS toEPS/LTE including key management operations according to anotherembodiment;

FIG. 11 is a schematic block diagram of a key management arrangementaccording to an embodiment;

FIG. 12 is a schematic block diagram of a key management arrangementaccording to another embodiment;

FIG. 13 is a schematic block diagram of a key management arrangementaccording to a further embodiment;

FIG. 14 is a schematic block diagram of a computer-implementationaccording to an embodiment;

FIG. 15 is a schematic block diagram of a key management arrangementaccording to yet another embodiment;

FIG. 16 is a schematic block diagram of a key management arrangementaccording to a further embodiment;

FIG. 17 is a schematic block diagram of a key management arrangementaccording to another embodiment; and

FIG. 18 schematically illustrates a distributed implementation amongnetwork devices.

DETAILED DESCRIPTION

The present embodiments generally relate to security management, and inparticular to key management in connection with handover betweendifferent generations of wireless communication systems.

Prior to describing the handover procedure between 3G and 4G and fromthe 5G to 4G in some more detail, overviews of the key hierarchy forEPS/LTE and NGS are first described herein with reference to FIGS. 4 and5 .

FIG. 4 schematically illustrates the EPS/LTE key hierarchy. The keyhierarchy includes K_(eNB), which is a key derived by the MobileEquipment (ME) in the UE and the MME from K_(ASME) or by the ME andtarget eNB. NH is a key derived by ME and MME to provide forwardsecurity.

NAS protection uses two keys K_(NAsint) and K_(NAsenc). K_(NAsint) isused for protection of NAS traffic with a particular integrityalgorithm, whereas K_(NAsenc) is correspondingly used for the protectionof NAS traffic with a particular encryption algorithm. These keys arederived by the UE and the MME from K_(ASME) and an identifier for theintegrity algorithm or the encryption algorithm, respectively, using aKey Derivation Function (KDF).

Keys for User Plane (UP) traffic, K_(UPenc), K_(UPint), and RadioResource Control (RRC) traffic, K_(RRcenc), K_(RRCint), are derived bythe UE and the eNB from K_(eNB).

The figure also indicates a confidentiality key (CK) and an integritykey (IK) available at the UE and a HSS, and the subscription credential(K) stored at the Universal Subscriber Identity Module (USIM) andAuthentication Center (AuC). More information of the EPS key hierarchycan be found in section 6.2 of 3GPP TS 33.401 V14.1.0.

FIG. 5 illustrates a corresponding key hierarchy for the NGS. Ingeneral, the key hierarchy is similar to that of EPS/LTE shown in FIG. 4but with some differences. For instance, an additional layer of keyhierarchy is introduced that allows a key resulting from theauthentication to be held in a secure location. This in effectcorresponds to splitting the key K_(ASME) into the keys K_(SEAF) andK_(MMF). In FIG. 5 , K represents the subscription credential that isheld in the UE and Authentication Credential Repository and ProcessingFunction (ARPF)/Authentication, Authorization, and Accounting (AAA)server. K_(SEAF) is an anchor key for the authentication session fromwhich subsequent keys, e.g., CN control plane keys and Access Network(AN) keys, are derived. K_(MMF) is a control plane key bound to MMF,which represents the core network entity that terminates the NASMobility Management (MM) signaling. The MMF and K_(MMF) are alsoreferred to as AMF and K_(AMF), CN-MM and K_(CN-MM), or CN and K_(CN) inthe art.

NAS encryption and integrity protection keys, K_(NAsenc) and K_(NAsint),are derived from K_(MMF). K_(MMF) may also be used to derive the ANlevel keys, such as K_(UPenc), K_(UPint), K_(RRCenc), K_(RRCint), usingKAN, which is the key provided to the AN and corresponds to K_(eNB) inEPS/LTE. K_(UP-GW), also referred to as K_(CN-SM/UP), is a user planekey for an UP-Gateway (GW) when the user plane security terminates atthe UP-GW. More information of the NextGen key hierarchy can be found insection 5.1.4.6.2.2 of 3GPP TS 33.899 V0.6.0.

FIG. 6 illustrates the signaling involved in the handover from 3G to 4G,i.e., from UMTS or UTRAN to EPS/LTE or E-UTRAN. Generally, at such ahandover, the NAS and AS security should be activated in the E-UTRAN.The source system in the handover should always send a key set to thetarget wireless communication system during handover.

Briefly, the source RNC decides that the UE should be handed over to theEPS/LTE system. The source RNC notifies the source SGSN that handover orrelocation is required. The SGSN transfers MM context, includingconfidentiality key (CK), and an integrity key (IK), Key Set Identifier(KSI) and the UE security capabilities to the target MME in a Forward(FW) relocation request message.

The MME creates a NONCE_(MME) and derives K′_(ASME) from CK, IK andNONCE_(MME) using a one-way KDF. The MME also derives K_(eNB) fromK′_(ASME) using a KDF. The MME selects NAS security algorithms, derivesNAS keys from K′_(ASME) and includes KSI_(SGSN), NONCE_(MME), and theselected NAS security algorithms in a NAS Security Transparent ContainerIE of a S1 handover (HO) Request message to the target eNB. The MMEfurther includes K_(eNB) and the UE EPS security capabilities in the S1HO Request message to the target eNB.

The target eNB selects the AS algorithms, creates a transparentcontainer, denoted RRCConnectionReconfiguration, including the NASSecurity Transparent Container IE, and sends it in a S1 HO Request Ackmessage towards the MME. The eNB derives K_(RRC) and K_(UP) keys fromK_(eNB). The MME includes the transparent container received from thetarget eNB in a FW Relocation Response message sent to SGSN, whichincludes the transparent container in a relocation command sent to thesource RNC. The RNC includes the transparent container in a UTRAN HOcommand sent to the UE.

The UE derives K′_(ASME), associates it with KSI_(SGSN) and derivesK_(eNB) in the same way as the MME above. The UE also derives the NASkey as the MME did above and the RRC and UP keys as the eNB did above.The UE sends an RRCConnectionReconfiguration Complete messages to theeNB, which sends a HO notify to the MME. The MME and SGSN conclude withtransmission of FW relocation complete and FW relocation complete Ackmessages.

Thus, the source SGSN transfers the CK and IK keys used in the UMTSsystem to the target MME. The target MME derives a new K′_(asme) fromCK, IK and NONCE_(MME). There is no backward security in this case sincethe target MME has knowledge of the CK and IK keys used in the UMTSsystem. The target MME uses the new K′_(asme) and derives NAS keys andAS keys therefrom. The NAS keys and AS keys are used in MME and eNBuntil a new re-authentication takes place in NAS layer in MME.

FIG. 7 discloses the corresponding signaling taking place in a handoverfrom 4G to 3G, i.e., from EPS/LTE or E-UTRAN to UMTS or UTRAN. Briefly,the source eNB decides that the UE should be handed over to the UMTSsystem. The source eNB notifies the source MME that handover isrequired. The source MME selects a current NAS downlink COUNT value touse in the handover and then increases the NAS downlink COUNT valueby 1. The source MME and the UE derive a confidentiality key (CK′), andan integrity key (IK′) from K_(ASME) and the selected NAS downlink COUNTvalue of the current EPS key security context with the help of a one-wayKDF. The source MME and the UE also assign the value of evolved KSI(eKSI) to the KSI. The source MME transfers MM context, including aconcatenation of CK′ and IK′ (CK′|IK′), KSI and UE security credentialsto the target SGSN. The target SGSN replaces all stored parameters CK,IK, KSI, if any, with CK′, IK′, KSI received from the source MME. The UEcorrespondingly replaces all stored parameters CK, IK, KSI, if any, withCK′, IK′, KSI in the ME and USIM. The UE gets access to the NAS downlinkCOUNT value through the Forward relocation response from the target SGSNto the source MME, the Relocation command from the source MME to thesource eNB and the handover command from the eNB to the UE. The targetSGSN and target RNC also communicate a relocation request and arelocation request ack between each other. More information of thesignaling can be found in section 9.2.2.1 of 3GPP TS 33.401 V14.1.0.

In this case, the source MME does not transfer K_(asme) or any othersecurity key used in source EPS/LTE system to the target SGSN. SourceMME derives a new CK′ and a new IK′, which it provides to the targetSGSN. CK′ and IK′ provide 1 hop backward security. The target SGSN hasno knowledge of K_(asme) used in the source EPS/LTE system. The targetSGSN uses the received CK′ and IK′ without performing any further keyderivation. CK′ and IK′ are used in UMTS (target RNC) until a newre-authentication takes place in NAS layer in UTRAN. The source MMEknows the CK′ and IK′ used in target RNC and in further RNC's athandovers in UTRAN.

FIG. 8 is the corresponding proposal for signaling flow for handoverfrom 5G to 4G, i.e., from NGS to EPS/LTE, in 3GPP TR 23.799 V14.0.0.Briefly, the NG RAN decides (1) that the UE should be handed over to theE-UTRAN. The NG RAN notifies (2) the Next Generation Core (NGC) ControlPlane Function (CPF), which corresponds to the previously mentioned AMF,that handover is required. The notification message includes Target eNBID, Source to Target Transparent Container. The NGC CPF selects an MMEand sends (3) a Relocation Request (Target eNB ID, Source to TargetTransparent Container, NGS UE Context) message to the selected MME,which converts (4) the received NGS UE Context into EPS UE Context. TheMME sends (5) a Create Session Request (Packet Data Network (PDN)Connection Information, including EPS Bearer Contexts) message to theServing Gateway (SGW) and the SGW responds (5) to the MME with a CreateSession Response (S1 UL Tunneling Information) message. The MME alsosends (6) a Handover Request (Source to Target Transparent Container,E-RAB Contexts, including S1 UL Tunneling Information) message to theE-UTRAN. The E-UTRAN sends (6) a Handover Request Acknowledge (Target toSource Transparent Container, S1 DL Tunneling Information for PDUForwarding) message to the MME.

If the E-UTRAN provided S1 DL Tunneling Information for PDU Forwarding,the MME requests (7) forwarding tunnel creation to the SGW. The SGWresponds (7) to the forwarding tunnel creation request includingSGW-side NGy Tunneling Information for PDU Forwarding.

The MME sends (8) a response message to the Relocation Request messageas sent according to (3) above. The response message includes the Targetto Source Transparent Container and may include the SGW-side NGyTunneling Information for PDU Forwarding.

If the Relocation Response message includes the SGW-side NGy TunnelingInformation for PDU Forwarding, the NGC CPF requests (9) forwardingtunnel creation towards the NGC User Plane Function (UPF), eitherTerminating UPF (TUPF) or non-terminating NGC UPF if available. Therequest message includes the SGW-side NGy Tunneling Information for PDUForwarding. The NGC UPF responds (9) to the NGC CPF with the NG3 ULTunneling Information for PDU Forwarding.

The NGC CPF sends (10) a Handover Command (Target to Source TransparentContainer, NG3 UL Tunneling Information for PDU Forwarding) message tothe NG RAN, which commands (11) the UE to handover to the E-UTRAN. TheUE detaches from the NG RAN and synchronizes to the E-UTRAN. The NG RANforwards PDUs coming from the NGC UPF to the NGC UPF using the NG3 ULTunneling Information for PDU Forwarding, the NGC UPF forwards the PDUsto the SGW using the SGW-side NGy Tunneling Information for PDUForwarding, and the SGW forwards the PDUs to the E-UTRAN using the S1 DLTunneling Information for PDU Forwarding.

The UE confirms (12) handover to the E-UTRAN. The E-UTRAN notifies (13)to the MME that the UE is handed over to the E-UTRAN. The notificationmessage includes the S1 DL Tunneling Information. The MME sends (14) aModify Bearer Request (S1 DL Tunneling Information) message to the SGW,which sends (15) a Modify Bearer Request (EPS Bearer Contexts, includingNGy DL Tunneling Information) message to the NGC CPF. The NGC CPFrequests (16) session modification to the TUPF. The TUPF receives (16)EPS Bearer Contexts including NGy DL Tunneling Information from the NGCCPF. The NGC CPF obtains (16) Per-Bearer NGy UL Tunneling Informationfrom the TUPF. The NGC CPF sends (17) a Modify Bearer Response(Per-Bearer NGy UL Tunneling Information) message to the SGW. The SGWreplaces (18) the NGy UL Tunneling Information received in above withthe Per-Bearer NGy UL Tunneling Information.

The embodiments involve calculating, in the source core network of thesource 5G wireless communication system, i.e., NGS, such as in the AMF,new security keys to be used in interworking handover from the source 5Gwireless communication system to a target 4G wireless communicationsystem, i.e., EPS/LTE. The embodiments also enable transfer of the newcalculated security keys to the target core network in EPS/LTE, such asto the MME.

“Source” as used herein indicates the wireless communication system, oran entity thereof, to which the user equipment is currently connected,whereas “target” as used herein denotes the wireless communicationsystem, or an entity thereof, that the user equipment will be connectedto following completion of a handover. Thus, a handover takes place fromthe source to the target.

The embodiments are in particular applicable for allowing handover froma source wireless communication system, such as NGS, to a targetwireless communication system, such as EPS/LTE, when the user equipmentis in a connected state.

There are generally two user equipment states or modes, the idle stateor mode and the connected state or mode. When the user equipment doesnot have any data to send it is said to be in idle state or mode, andwhen data is being sent or communication is taking place then the userequipment is said to be in connected state or mode.

Handover from the source 5G wireless communication system to the target4G wireless communication system could be defined as handover from NGSto EPS/LTE. It also possible to define the handover as handover from thesource core network to the target core network, i.e., handover from theNGS core network, or NGC or NG CN for short, to EPC; or handover fromthe source RAN to the target RAN, i.e., handover from the NGS RAN, or NGRAN for short, to EPS/LTE RAN, i.e., E-UTRAN.

In an embodiment, the key derivation and transfer is performed in a waythat prevents or prohibits the target core network, e.g., the MME, fromgetting any knowledge of the security keys used in source core network,e.g., in the AMF. In a particular embodiment, the proposed solutionsprohibit the target core network in EPC, e.g., the MME, from getting anyknowledge of the security keys used in the source core network in NGS,e.g., the AMF, and also used in the connected base stations or node-B ofthe NG RAN (gNB) and the LTE eNBs connected to the AMF.

In an embodiment, the at least one new security key sent from the sourceAMF to target MME provides 1 hop backward security.

Non-limiting, but illustrative, examples of security keys used in thesource 5G wireless communication system include keys shown in FIG. 5discussed in the foregoing. In particular, such 5G security keys thatare preferably prevented from being available at the target 4G wirelesscommunication system include K_(SEAF); K_(MMF), also denoted K_(AMF),K_(CN-MM), or K_(CN); K_(NAS) keys, such as K_(NAsenc), K_(NAsint); andNAS confidentiality and integrity keys (NAS-CK, NAS-IK).

In an embodiment, the solution prevents or prohibits the source corenetwork in NGS, e.g., the AMF, from getting any knowledge of thesecurity keys used in target core network in EPC, e.g. the MME and LTEeNBs connected to the MME. This provides forward security. Thisembodiment is possible if the so-called 4G-freshness parameter used toderive new security keys in the MME is not sent through the sourcewireless communication system, such as to the source AMF and source gNB.In clear contrast, the 4G-freshness parameter is known both at thetarget core network, such as the MME, and the user equipment.Accordingly, there is no need to transfer the 4G-freshness parameterfrom the MME to the user equipment in this particular embodiment.

The embodiments will now be described in some more detail with referenceto particular implementation examples.

In an embodiment, a new key, denoted first 4G-master key or 4G-masterkey′ herein, is derived from a 5G key available at the source corenetwork. In a particular embodiment, the 4G-master key′ is derived fromthe 5G key available at the source core network and a 5G-freshnessparameter available, derived or generated at the source core network.

In a particular embodiment, the 4G-master key′ is a 256-bit 4G-masterkey′.

The 5G-freshness parameter could be a random number, a counter value, oran identity as non-limiting, but illustrative, examples. In a particularembodiment, the 5G-freshness parameter is a counter value, such as a NASCOUNT value. In the case of a user equipment in a connected state, theNAS COUNT value is preferably a NAS downlink COUNT value.

In a first implementation example, the 4G-master key′ is derived fromK_(CN) using the 5G-freshness parameter. For instance, 4G-masterkey′=f(K_(CN), 5G-freshness parameter). In a particular example,4G-master key′=KDF(K_(CN), new FC number|5G-freshness parameter).

In a second implementation example, the 4G-master key′ is derived fromK_(CN-MM) using the 5G-freshness parameter. For instance, 4G-masterkey′=f(K_(CN-MM), 5G-freshness parameter). In a particular example,4G-master key′=KDF(K_(CN-MM), new FC number|5G-freshness parameter).

In a third implementation example, the 4G-master key′ is derived fromK_(MMF) using the 5G-freshness parameter. For instance, 4G-masterkey′=f(K_(MMF), 5G-freshness parameter). In a particular example,4G-master key′=KDF(K_(MMF), new FC number|5G-freshness parameter).

In a fourth implementation example, the 4G-master key′ is derived fromK_(AMF) using the 5G-freshness parameter. For instance, 4G-masterkey′=f(K_(AMF), 5G-freshness parameter). In a particular example,4G-master key′=KDF(K_(AMF), new FC number|5G-freshness parameter).

In a fifth implementation example, the 4G-master key′ is derived fromK_(SEAF) using the 5G-freshness parameter. For instance, 4G-masterkey′=f(K_(SEAF), 5G-freshness parameter). In a particular example,4G-master key′=KDF(K_(SEAF), new FC number|5G-freshness parameter).

In an embodiment, the first 4G-master key, such as K_(ASME) K_(ASME), isderived from the 5G key, such as K_(AMF), and the 5G-freshnessparameter, such as a NAS downlink COUNT value.

In an embodiment, the 4G-master key′ is derived at the source corenetwork, such as at a core network node or an entity or functionalityimplemented in the source core network. In a particular embodiment, the4G-master key′ is derived by an entity or functionality of the sourcecore network managing mobility within the source wireless communicationnetwork. This entity or functionality is preferably the previouslymentioned AMF, also referred to as MMF and CN-MM in the art.

In an embodiment, the source core network, such as the entity orfunctionality managing mobility, e.g., the AMF, forwards or sends the4G-master key′ to the target core network, and preferably to an entityor functionality in the target core network managing mobility within thetarget wireless communication network. This entity or functionality ispreferably the previously mentioned MME.

In an embodiment, the source core network, such as the entity orfunctionality managing mobility in the source core network, e.g., theAMF, should not expose the 5G-freshness parameter to the target corenetwork, such as the entity or functionality managing mobility in thetarget core network, e.g., the MME.

In an embodiment, the source core network, such as the entity orfunctionality managing mobility, e.g., the AMF, forwards or sends the5G-freshness parameter to the user equipment. This transmission of the5G-freshness parameter to the user equipment preferably involves thesource RAN, such as gNB of the source RAN. In such a case, the5G-freshness parameter is not exposed to the target wirelesscommunication system.

In an embodiment, a new key, denoted second 4G-master key or 4G-masterkey″ herein, is derived from the 4G-master key′ at the target corenetwork. In a particular embodiment, the 4G-master key″ is derived fromthe received 4G-master key′ and a 4G-freshness parameter available,derived or generated at the target core network.

In a particular embodiment, the 4G-master key″ is a 256-bit 4G-masterkey″.

The 4G-freshness parameter could be a random number, a counter value, anidentity, a static identity, or a static parameter as non-limiting, butillustrative, examples. In a particular embodiment, the 5G-freshnessparameter is a counter value, such as a NAS COUNT value, for instance aNAS uplink COUNT value.

In an embodiment, the second 4G-master key, such as K_(eNB), is derivedfrom the first 4G-master key, such as K_(ASME) K′_(ASME), and the4G-freshness parameter, such as NAS uplink COUNT value.

In another embodiment, the second 4G-master key, such as K′_(ASME) orK″_(ASME), is derived from the first 4G-master key, such as K_(ASME)K′_(ASME), and the 4G-freshness parameter, such as a counter value.

In an implementation example, the 4G-master key″ is derived from the4G-master key′ received from the source core network, such as from theentity or functionality of the source core network managing mobilitywith the source wireless communication network, e.g., the AMF, using the4G-freshness parameter. For instance, 4G-master key″=f(4G-master key′,4G-freshness parameter). In a particular example, 4G-masterkey″=KDF(4G-master key′, new FC number|4G-freshness parameter).

In the above presented implementation examples, f(.) is a function thatderives a 4G-master key, e.g., 4G-master key′ or 4G-master key″, basedon the input key, e.g., K_(CN), K_(CN-MM), K_(MMF), K_(AMF), K_(SEAF) or4G-master key′, and the freshness parameter, e.g., 5G-freshnessparameter or 4G-freshness parameter. KDF denotes a key derivationfunction, ∥ denotes concatenation, and FC number is preferably a singleoctet used to distinguish between different instances of the keyderivation algorithm.

In an embodiment, the user equipment derives the 4G-master key′ from a5G key available at the user equipment. In a particular embodiment, the4G-master key′ is derived from the 5G key available at the userequipment and the 5G-freshness parameter received or originating fromthe source core network, such as from the entity or functionalitymanaging mobility within the source wireless communication network,e.g., from the AMF. The user equipment preferably also derives the4G-master key″ from the derived 4G-master key′. In a particularembodiment, the user equipment derives the 4G-master key″ from thederived 4G-master key′ and the 4G-freshness parameter.

In these embodiments, the 5G key used to derive the 4G-master key′ isavailable both at the source core network, such as in the entity orfunctionality managing mobility within the source wireless communicationnetwork, e.g., the AMF, and at the user equipment, see FIG. 5 .

The user equipment can provide or obtain the 4G-freshness parameteraccording to various embodiments.

In a first embodiment, the 4G-freshness parameter is known by the targetcore network, such as the entity or functionality managing mobilitywithin the target wireless communication network, e.g., the target MME,and the user equipment. In this embodiment, the 4G-freshness parameterthereby does not have to be sent to the user equipment through thesource wireless communication system, i.e., through the source corenetwork, e.g., the source AMF, and the source RAN, e.g., the source gNB.For instance, the 4G-freshness parameter could be some staticinformation, such as static identity or a static parameter, which doesnot change at further handovers.

In a second embodiment, the target core network, such as the entity orfunctionality managing mobility within the target wireless communicationnetwork, e.g., the target MME, sends or forwards the 4G-freshnessparameter to the user equipment. In such a case, the target MME couldsend the 4G-freshness parameter via the source core network, such as theentity or functionality managing mobility within the source wirelesscommunication network, e.g., the source AMF, and then via the sourceRAN, such as gNB, to the user equipment. In another case, the4G-freshness parameter is sent via the target RAN, such as the targeteNB, for instance, if the 4G-freshness parameter is included in atransparent container by the target eNB, which is transferred back tothe target MME and then further to the source AMF and the source gNB.

FIG. 9 illustrates the initial signaling up to handover completed inFIG. 8 together with additional signaling from the AMF.

Thus, in an implementation example, the AMF, represented as NGC CPF inFIG. 9 , provides the 5G-freshness parameter and derives, calculates orgenerates the 4G-master key′, preferably based on the reception of thenotification message from the NG RAN that a handover is required.

The AMF also sends the 4G-master key′ to the target MME. This 4G-masterkey′ is preferably included in a Relocation request sent from the AMF toa target MME selected by the AMF. In such a case, the Relocation Requestmay include the 4G-master key′ in addition to the Target eNB ID, Sourceto Target Transparent Container, and NGS UE Context. In an alternativeembodiment, the 4G-master key′ is sent to the target MME in anothermessage separate from the Relocation Request.

The AMF preferably also sends the 5G-freshness parameter to the userequipment. The 5G-freshness parameter is preferably included in aHandover Command sent from the AMF to the NG RAN and further to the userequipment. In such a case, the Handover Command may include the5G-freshness parameter in addition to the Target to Source TransparentContainer and NG3 UL Tunneling Information for PDU Forwarding. In analternative embodiment, the 5G-freshness parameter is sent to the userequipment in another message separate from the Handover Command.

FIG. 10 illustrates signaling flow for handover from NGS to the EPS/LTEaccording to an embodiment involving transmitting the 4G-freshnessparameter from the target MME to the user equipment.

The NG RAN, represented by a source gNB in the figure, decides that theUE should be handed over to the EPS/LTE and E-UTRAN. The NG RAN notifiesthe NGC CPF, represented by source AMF in the figure, that handover isrequired. The source AMF derives a new 4G-master key′ from a 5G key,such as from K_(CN), K_(CN-MM), K_(MMF), K_(AMF) or K_(SEAF), using a5G-freshness parameter. The AMF selects a target MME and sends aRelocation Request including the 4G-master key′ and UE 5GS SecurityCapabilities to the MME. The Relocation Request typically also comprisesthe International Mobile Subscriber Identity (IMSI) that are used toidentify the relevant UE.

The target MME derives a new 4G-master key″ from the 4G-master key′received from the source AMF using a 4G-freshness parameter. The targetMME also derives K_(eNB) from the 4G-master key″. In another embodiment,the 4G-master key″ is K_(eNB). The target MME sends a Handover Requestto the E-UTRAN, represented by a target eNB in the figure. The HandoverRequest comprises K_(eNB) and the 4G-freshness parameter. The HandoverRequest typically also comprises information of allowed AS integrity andciphering algorithm(s). In an embodiment, the 4G-freshness parameter isincluded in a NAS security container, which is transparent to the targetRAN, i.e., E-UTRAN. The target eNB sends a Handover Request Ack to thetarget MME. This Handover Request Ack comprises a Target to SourceTransparent Container with NAS security parameters including the4G-freshness parameter. Thus, the Target to Source Transparent Containerpreferably comprises the previously received NAS security container.

The target MME sends a Relocation Response message to the source AMF inresponse to the previously received Relocation Request message. TheRelocation Response message comprises the Target to Source TransparentContainer with NAS security parameters including the 4G-freshnessparameter, such as in the NAS security container. The source AMF sends aHandover Command to the source gNB. The Handover Command comprises theTarget to Source Transparent Container with NAS security parameters,including the 4G-freshness parameter, such as in the NAS securitycontainer. The Handover Command, such as the Target to SourceTransparent Container in the Handover Command, also comprises the5G-freshness parameter included by the source AMF. The source gNBforwards the Handover Command to the UE. Thus, the Handover Command sentfrom the source gNB to the UE comprises the 5G-freshness parameter and,in the illustrated embodiment, also the 4G-freshness parameter.

The UE uses the 5G-freshness parameter included in the Handover Commandto derive the 4G-master key′ based on the 5G key, such as from K_(CN),K_(CN-MM), K_(MMF), K_(AMF) or K_(SEAF). The UE also derives the4G-master key″ from the 4G-master key′ using the 4G-freshness parameterreceived, in this embodiment, in the Handover Command.

The UE may optionally also calculate K_(eNB) from the 4G-master key″, oralternatively the 4G-master key″ is K_(eNB). In such a case, both the UEand the target eNB have access to a respective copy of the K_(eNB) key.

The UE detaches from the NG RAN and the source gNB and synchronizes tothe E-UTRAN and the target eNB. The UE confirms handover to the targeteNB by a Handover Complete message. The target eNB notifies the targetMME that the UE is handed over to the E-UTRAN and the target eNB by aHandover Complete message.

In a variant of the signaling flow shown in FIG. 10 , the 4G-freshnessparameter is not included in the Handover Request sent from the targetMME to the target eNB. Accordingly, the 4G-freshness parameter is notincluded in the Handover Request Ack sent by the target eNB in responseto the Handover Request.

In another variant of the signaling flow shown in FIG. 10 , the4G-freshness parameter is known to both the target MME and the UE. Forinstance, the 4G-freshness parameter could be some static informationthat does not change between different handover occasions. In such avariant, the 4G-freshness parameter is not included in the HandoverRequest, the Handover Request Ack, the Relocation Response, nor theHandover Command.

In FIG. 10 , the NGS RAN has been represented by a NGS Node B, denotedgNB. In NGS, EPS/LTE eNBs might also be connected to the NGS corenetwork, such as to the AMF. In such embodiments, an EPS/LTE eNBreplaces the source gNB in FIG. 10 .

Hence, in an embodiment, the source AMF in NGS derives a new 4G-masterkey′ from a 5G key, such as K_(CN), K_(CN-MM), K_(MMF), K_(AMF) orK_(SEAF), stored in or otherwise available at the source AMF using a5G-freshness parameter. The source AMF sends the new 4G-master key′ tothe target MME in EPS/LTE. The source AMF also sends the 5G-freshnessparameter to the UE.

In an embodiment, the target MME derives a new 4G-master key″ from the4G-master key′ received from the source AMF using a 4G-freshnessparameter. The target MME takes the new 4G-master key″ into use and canderive further NAS keys and AS keys from the 4G-master key″, such asK_(NAsenc), K_(NAsint), and/or K_(eNB), see FIG. 4 . In addition,K_(eNB) derived from or being the 4G-master key″ may, in an embodiment,in turn be used to derive UP keys, such as K_(UPint), K_(UPenc), and/orRRC keys, such as K_(RRCint), K_(RRCenc).

As was mentioned in the foregoing, the UE can get information of the4G-freshness parameter according to various embodiment. In a firstembodiment, the 4G freshness parameter is known to the target MME andthe UE, and is not sent through the source wireless communicationsystem, such as through the source AMF and source gNB. The 4G-freshnessparameter could be some static information that does not change atfurther handovers. In a second embodiment, the target MME sends the 4Gfreshness parameter to the UE, optionally via the target eNB and, viathe source AMF and then via the source gNB to the UE.

An aspect of the embodiments relates to a key management method inconnection with handover of a user equipment from a source wirelesscommunication system to a target wireless communication system. Themethod comprises deriving a first 4G-master key, such as 4G-master key′,based on i) a 5G key, such as K_(SEAF), K_(MMF), K_(CN), K_(CN-MM) orK_(AMF), available at a core network of a source 5G wirelesscommunication system, such as NGS, and the user equipment, and ii) a5G-freshness parameter. The method also comprises forwarding the first4G-master key to a core network of a target 4G wireless communicationsystem, such as EPS/LTE, for enabling deriving a second 4G-master key,such as 4G-master key″, based on the first 4G-master key and a4G-freshness parameter. The method further comprises forwarding the5G-freshness parameter to the user equipment for enabling deriving thefirst 4G-master key based on the 5G key and the 5G-freshness parameterand deriving the second 4G-master key based on the first 4G-master keyand the 4G-freshness parameter.

The key management method thereby enables the user equipment tocommunicate securely with a radio access network of the target 4Gwireless communication system using the second 4G-master key or a key,such as K_(eNB), K_(UPint), K_(UPenc), K_(RRCint), and/or K_(RRCenc),derived based on the second 4G-master key and/or communicate securelywith a core network of the target 4G wireless communication system usingthe second 4G-master key or a key, such as K_(NAsint) and/or K_(NAsenc),derived based on the second 4G-master key.

In an embodiment, the key management method is performed in connectionwith handover of the user equipment in a connected state. In aparticular embodiment, the key management method is performed inconnection with handover of the user equipment in a connected state tothe source 5G wireless communication system.

In an embodiment, the method comprises generating the 5G-freshnessparameter based on reception of notification message indicating thathandover is required.

In a particular embodiment, the notification message is received from aradio access network (RAN) of the source 5G wireless communicationsystem, such as from a source RAN node, such as source gNB, of thesource 5G wireless communication system. In an embodiment, thenotification message optionally comprises an identifier of a target RANnode, such as target eNB, of the target 4G wireless communication systemand/or a Source to Target Transparent Container.

In an embodiment, deriving the first 4G-master key comprises deriving,calculating or generating the first 4G-master key by a key derivingfunction based on the 5G key and the 5G-freshness parameter. In aparticular embodiment, deriving the first 4G-master key comprisesderiving, calculating or generating the first 4G-master key by a keyderiving function based on the 5G key and a concatenation of a FC numberand the 5G-freshness parameter.

In an embodiment, deriving the first 4G-master key comprises deriving,calculating or generating the first 4G-master key based on K_(SEAF) andthe 5G-freshness parameter.

In an embodiment, deriving the first 4G-master key comprises deriving,calculating or generating the first 4G-master key based on K_(AMF) andthe 5G-freshness parameter.

In an embodiment, deriving the first 4G-master key comprises deriving,calculating or generating the first 4G-master key based on K_(MMF) andthe 5G-freshness parameter.

In an embodiment, deriving the first 4G-master key comprises deriving,calculating or generating the first 4G-master key based on K_(CN) andthe 5G-freshness parameter.

In an embodiment, deriving the first 4G-master key comprises deriving,calculating or generating the first 4G-master key based on K_(CN-MM) andthe 5G-freshness parameter.

In an embodiment, deriving the first 4G-master key comprises deriving,calculating or generating a 256-bit 4G-master key based on the 5G keyand the 5G-freshness parameter.

In an embodiment, deriving the first 4G-master key comprises a mobilitymanaging entity or functionality of the core network of the source 5Gwireless communication system deriving the first 4G-master key based onthe 5G key and the 5G-freshness parameter. In a particular embodiment,the mobility managing entity or functionality is AMF or a core networknode comprising the mobility managing functionality.

In a particular embodiment, forwarding the 5G-freshness parameter to theuser equipment comprises forwarding the 5G-freshness parameter to theuser equipment via the source mobility managing entity or functionality,such as source AMF, of the core network of the source 5G wirelesscommunication system.

In another particular embodiment, the method comprises receiving the5G-freshness parameter from the source mobility managing entity orfunctionality, such as source AMF, of the core network of the source 5Gwireless communication system.

In a further particular embodiment, deriving the first 4G-master keycomprises deriving the first 4G-master key based on the 5G key and the5G-freshness parameter in response to a key generation request from thesource mobility managing entity or functionality, such as source AMF, ofthe core network of the source 5G wireless communication system.

In an embodiment, forwarding the first 4G-master key to the core networkof the target 4G wireless communication system comprises forwarding thefirst 4G-master key to a target mobility managing entity orfunctionality, such as target MME, of the core network of the target 4Gwireless communication system.

In a particular embodiment, forwarding the first 4G-master key to thecore network of the target 4G wireless communication system comprisesforwarding a Relocation Request message comprising the first 4G-masterkey to the core network of the target 4G wireless communication system.The Relocation Request message optionally also comprises an identifierof a target RAN node, such as target eNB, of the target 4G wirelesscommunication system, a Source to Target Transparent Container and/or 5GUE Context, such as 5G UE Security Capabilities.

In an embodiment, forwarding the 5G-freshness parameter to the userequipment comprises forwarding the 5G-freshness parameter to the userequipment via a radio access network of the source 5G wirelesscommunication system, such as via a gNB.

In an embodiment, the method comprises receiving a Relocation Responsemessage comprising the 4G-freshness parameter from the core network ofthe target 4G wireless communication system. In a particular embodiment,the Relocation Response message also optionally comprises the Target toSource Transparent Container.

In an embodiment, forwarding the 5G-freshness parameter to the userequipment comprises forwarding a Handover Command comprising the5G-freshness parameter to the user equipment. In a particularembodiment, the Handover Command optionally comprises the 4G-freshnessparameter. In an alternative or additional particular embodiment, theHandover Command optionally comprises a Target to Source TransparentContainer, NG3 UL Tunneling Information for PD Forwarding and/or NASsecurity parameters.

The above described embodiments are preferably performed in a key and/ormobility managing entity or functionality of the core network of thesource 5G wireless communication system, such as in a core network nodecomprising such a key and/or mobility managing entity or functionality,e.g., the AMF or a core network node comprising the AMF.

Another aspect of the embodiments relates to a key management method inconnection with handover of a user equipment from a source wirelesscommunication system to a target wireless communication system. Themethod comprises receiving, at a core network of a target 4G wirelesscommunication system, such as EPS/LTE, and from a core network of asource 5G wireless communication system, such as NGS, a first 4G-masterkey, such as 4G-master key′, derived based on i) a 5G key, such asK_(SEAF), K_(MMF), K_(CN), K_(CN-MM) or K_(AMF), available at the corenetwork of the source 5G wireless communication system and the userequipment, and ii) a 5G-freshness parameter. The method also comprisesderiving a second 4G-master key, such as 4G-master key″, based on thefirst 4G-master key and a 4G-freshness parameter.

The key management method thereby enables the user equipment tocommunicate securely with a radio access network of the target 4Gwireless communication system using the second 4G-master key or a key,such as K_(eNB), K_(UPint), K_(UPenc), K_(RRCint), and/or K_(RRcenc),derived based on the second 4G-master key and/or communicate securelywith the core network of the target 4G wireless communication systemusing the second 4G-master key or a key, such as K_(NAsint) and/orK_(NAsenc), derived based on the second 4G-master key.

In an embodiment, the key management method is performed in connectionwith handover of the user equipment in a connected state. In aparticular embodiment, the key management method is performed inconnection with handover of the user equipment in a connected state tothe source 5G wireless communication system.

In an embodiment, the method comprises generating the 4G-freshnessparameter based on reception of the first 4G-master key.

In an embodiment, deriving the second 4G-master key comprises deriving,calculating or generating a 256-bit 4G-master key based on the first4G-master key and the 4G-freshness parameter.

In an embodiment, deriving the second 4G-master key comprises deriving,calculating or generating the second 4G-master key by a key derivingfunction based on the first 4G-master key and the 4G-freshnessparameter. In a particular embodiment, deriving the second 4G-master keycomprises deriving, calculating or generating the second 4G-master keyby a key deriving function based on the first 4G-master key and aconcatenation of a FC number and the 4G-freshness parameter.

In an embodiment, deriving the second 4G-master key comprises a mobilitymanaging entity or functionality of the core network of the target 4Gwireless communication system deriving the second 4G-master key based onthe first 4G-master key and the 4G-freshness parameter. In a particularembodiment, the mobility managing entity or functionality is MME or acore network node comprising the mobility managing functionality.

In an embodiment, receiving the first 4G-master key comprises receiving,from the core network of the source 5G wireless communication system, aRelocation Request message comprising the first 4G-master key. TheRelocation Request message optionally also comprises an identifier of atarget RAN node, such as target eNB, of the target 4G wirelesscommunication system, a Source to Target Transparent Container and/or 5GUE Context, such as 5G UE Security Capabilities.

In an embodiment, the method also comprises forwarding the second4G-master key or a key, such as K_(eNB), K_(UPint), K_(UPenc),K_(RRCint), and/or K_(RRcenc), derived from the second 4G-master key, toa radio access network of the target 4G wireless communication system.

In another embodiment, the method comprises forwarding the second4G-master key or a key, such as K_(eNB), K_(UPint), K_(UPenc),K_(RRCint), and/or K_(RRcenc), derived from the second 4G-master key,and the 4G-freshness parameter to a radio access network of the target4G wireless communication system.

In a particular embodiment, forwarding the second 4G-master keycomprises forwarding a Handover Request message comprising the keyderived from the second 4G-master key and optionally the 4G-freshnessparameter to the radio access network of the target 4G wirelesscommunication system. In a particular embodiment, the Handover Requestoptionally comprises Source to Target Transparent Container, E-RABContexts, optionally including S1 UL Tunneling Information, and/orallowed AS integrity and ciphering algorithm(s).

In another particular embodiment, the method also comprises receiving aHandover Request Acknowledgment comprising the 4G-freshness parameterfrom the radio access network of the target 4G wireless communicationsystem. In a particular embodiment, the Handover Request Acknowledgmentoptionally comprises Target to Source Transparent Container, S1 DLTunneling Information for PDU Forwarding and/or NAS security parameters.

In an embodiment, the method also comprises forwarding the 4G-freshnessparameter to the user equipment.

In a particular embodiment, forwarding the 4G-freshness parameter to theuser equipment comprises forwarding the 4G-freshness parameter to theuser equipment via the core network and a radio access network of thesource 5G wireless communication system.

In another particular embodiment, forwarding the 4G-freshness parameterto the user equipment comprises transmitting a Relocation Responsemessage comprising the 4G-freshness parameter to the core network of thesource 5G wireless communication system, which compiles a HandoverCommand comprising the 4G-freshness parameter based on the RelocationResponse message and forwards the Handover Command to the user equipmentvia the radio access network of the source 5G wireless communicationsystem. In a particular embodiment, the Relocation Response message alsooptionally comprises the Target to Source Transparent Container.

The above described embodiments are preferably performed in a key and/ormobility managing entity or functionality of the core network of thetarget 4G wireless communication system, such as in a core network nodecomprising such a key and/or mobility managing entity or functionality,e.g., the MME or a core network node comprising the MME.

A further aspect of the embodiments relates to a key management methodin connection with handover of a user equipment from a source wirelesscommunication system to a target wireless communication system. Themethod comprises deriving a first 4G-master key, such as 4G-master key′,based on a 5G key, such as K_(SEAF), K_(MMF), K_(CN), K_(CN-MM),K_(AMF), available at the user equipment and a core network of a source5G wireless communication system, such as NGS, and a 5G-freshnessparameter originating from the core network of the source 5G wirelesscommunication system. The method also comprises deriving a second4G-master key, such as 4G-master key″, based on the first 4G-master keyand a 4G-freshness parameter available at a core network of a target 4Gwireless communication system.

The key management method thereby enables the user equipment tocommunicate securely with a radio access network of the target 4Gwireless communication system using the second 4G-master key or a key,such as K_(eNB), K_(UPint), K_(UPenc), K_(RRCint), and/or K_(RRcenc),derived based on the second 4G-master key and/or communicate securelywith a core network of the target 4G wireless communication system usingthe second 4G-master key or a key, such as K_(NAsint) and/or K_(NAsenc),derived based on the second 4G-master key.

In an embodiment, the key management method is performed in connectionwith handover of the user equipment in a connected state. In aparticular embodiment, the key management method is performed inconnection with handover of the user equipment in a connected state tothe source 5G wireless communication system.

In an embodiment, deriving the first 4G-master key comprises deriving,calculating or generating the first 4G-master key by a key derivingfunction based on the 5G key and the 5G-freshness parameter. In aparticular embodiment, deriving the first 4G-master key comprisesderiving, calculating or generating the first 4G-master key by a keyderiving function based on the 5G key and a concatenation of a FC numberand the 5G-freshness parameter.

In an embodiment, deriving the first 4G-master key comprises deriving,calculating or generating the first 4G-master key based on K_(SEAF) andthe 5G-freshness parameter.

In an embodiment, deriving the first 4G-master key comprises deriving,calculating or generating the first 4G-master key based on K_(AMF) andthe 5G-freshness parameter.

In an embodiment, deriving the first 4G-master key comprises deriving,calculating or generating the first 4G-master key based on K_(MMF) andthe 5G-freshness parameter.

In an embodiment, deriving the first 4G-master key comprises deriving,calculating or generating the first 4G-master key based on K_(CN) andthe 5G-freshness parameter.

In an embodiment, deriving the first 4G-master key comprises deriving,calculating or generating the first 4G-master key based on K_(CN-MM) andthe 5G-freshness parameter.

In an embodiment, deriving the first 4G-master key comprises deriving,calculating or generating a 256-bit 4G-master key based on the 5G keyand the 5G-freshness parameter.

In an embodiment, deriving the second 4G-master key comprises deriving,calculating or generating the second 4G-master key by a key derivingfunction based on the first 4G-master key and the 4G-freshnessparameter. In a particular embodiment, deriving the second 4G-master keycomprises deriving, calculating or generating the second 4G-master keyby a key deriving function based on the first 4G-master key and aconcatenation of a FC number and the 4G-freshness parameter.

In an embodiment, deriving the second 4G-master key comprises deriving,calculating or generating a 256-bit 4G-master key based on the first4G-master key and the 4G-freshness parameter.

In an embodiment, the method also comprises receiving the 5G-freshnessparameter from a radio access network of the source 5G wirelesscommunication system, such as from a gNB. In another embodiment, themethod also comprises receiving the 5G-freshness parameter and the4G-freshness parameter from a radio access network of the source 5Gwireless communication system, such as from a gNB.

In a particular embodiment, receiving the 5G-freshness parametercomprises receiving a Handover Command comprising the 5G-freshnessparameter and optionally the 4G-freshness parameter. In anotherparticular embodiment, the Handover Command optionally also comprisesTarget to Source Transparent container and/or NAS security parameters.

In an embodiment, the method comprises providing the 4G-freshnessparameter from a storage at the user equipment.

In an embodiment, the method comprises deriving at least one NAS key,such as K_(NAsint) and/or K_(NAsenc), based on the second 4G-master key.

In an embodiment, the method comprises deriving K_(eNB) based on thesecond 4G-master key. In an optional embodiment, the method alsocomprises deriving at least one of K_(UPint), K_(UPenc), K_(RRCint), andK_(RRcenc) based on the K_(eNB) derived from or being the second4G-master key.

The above described embodiments are preferably performed in a key and/ormobility managing entity or functionality of the user equipment.

In an embodiment, the 5G key is available at the core network of thesource 5G wireless communication system and the user equipment but notat the core network of the target 4G wireless communication system.

In an embodiment, the 5G-freshness parameter is not available at thecore network of the target 4G wireless communication system.

In an embodiment, the 4G-freshness parameter is not available at thecore network of the source 5G wireless communication system.

In an embodiment, the 5G-freshness parameter is a counter value.

Yet another aspect of the embodiments relates to a key managementarrangement. In an embodiment, the key management arrangement isconfigured to derive a first 4G-master key, such as 4G-master key′,based on i) a 5G key, such as K_(SEAF), K_(MMF), K_(CN), K_(CN-MM) orK_(AMF), available at a core network of a source 5G wirelesscommunication system and a user equipment to be handed over from thesource 5G wireless communication system to a target 4G wirelesscommunication system, and ii) a 5G-freshness parameter. The keymanagement arrangement is also configured to forward the first 4G-masterkey to a core network of the target 4G wireless communication system forenabling deriving a second 4G-master key, such as 4G-master key″, basedon the first 4G-master key and a 4G-freshness parameter. The keymanagement arrangement is further configured to forward the 5G-freshnessparameter to the user equipment for enabling deriving the first4G-master key based on the 5G key and the 5G-freshness parameter andderiving the second 4G-master key based on the first 4G-master key andthe 4G-freshness parameter.

The key management arrangement thereby enables the user equipment tocommunicate securely with a radio access network of the target 4Gwireless communication system using the second 4G-master key or a key,such as K_(eNB), K_(UPint), K_(UPenc), K_(RRCint), and/or K_(RRcenc),derived based on the second 4G-master key and/or communicate securelywith a core network of the target 4G wireless communication system usingthe second 4G-master key or a key, such as K_(NAsint) and/or K_(NAsenc),derived based on the second 4G-master key.

The key management arrangement may be implemented in or constitute apart of a mobility management arrangement. For instance, the keymanagement arrangement could constitute or form part of the AMF, MMF orCN-MM entities. In either case, the key management arrangement or themobility management arrangement is preferably implemented in a networkunit suitable for operation in connection with the 5G wirelesscommunication system. The network unit could be, but is not limited to,a network device or a network node. In a particular embodiment, the keymanagement arrangement or the mobility management arrangement iscomprised in a core network node or distributed among multiple corenetwork nodes of the 5G wireless communication system.

The network device may be any device located in connection with the 5Gwireless communication system, including the core network of the 5Gwireless communication system. The term network device may alsoencompass computer-based network devices, such as cloud-based networkdevices for implementation in cloud-based environments. The network nodemay by any network node in the 5G wireless communication system, inparticular a network node in the core network.

In an embodiment, the key management arrangement is configured togenerate the 5G-freshness parameter based on reception of notificationmessage indicating that handover is required.

In an embodiment, the key management arrangement is configured toderive, calculate or generate the first 4G-master key by a key derivingfunction based on the 5G key and the 5G-freshness parameter. In aparticular embodiment, key management arrangement is configured toderive, calculate or generate the first 4G-master key by a key derivingfunction based on the 5G key and a concatenation of a FC number and the5G-freshness parameter.

In an embodiment, the key management arrangement is configured toderive, calculate or generate the first 4G-master key based on K_(SEAF)and the 5G-freshness parameter.

In an embodiment, the key management arrangement is configured toderive, calculate or generate the first 4G-master key based on K_(AMF)and the 5G-freshness parameter.

In an embodiment, the key management arrangement is configured toderive, calculate or generate the first 4G-master key based on K_(MMF)and the 5G-freshness parameter.

In an embodiment, the key management arrangement is configured toderive, calculate or generate the first 4G-master key based on K_(CN)and the 5G-freshness parameter.

In an embodiment, the key management arrangement is configured toderive, calculate or generate the first 4G-master key based on K_(CN-MM)and the 5G-freshness parameter.

In an embodiment, the key management arrangement is configured toderive, calculate or generate a 256-bit 4G-master key based on the 5Gkey and the 5G-freshness parameter.

In an embodiment, the key management arrangement is configured toreceive the 5G-freshness parameter from a source mobility managingentity or functionality, such as source AMF, of the core network of thesource 5G wireless communication system.

In an embodiment, the key management arrangement is configured to derivethe first 4G-master key based on the 5G key and the 5G-freshnessparameter in response to a key generation request from a source mobilitymanaging entity or functionality, such as source AMF, of the corenetwork of the source 5G wireless communication system.

In an embodiment, the key management arrangement is configured toforward the first 4G-master key to a target mobility managing entity orfunctionality, such as target MME, of the core network of the target 4Gwireless communication system.

In a particular embodiment, the key management arrangement is configuredto forward a Relocation Request message comprising the first 4G-masterkey to the core network of the target 4G wireless communication system.

In an embodiment, the key management arrangement is configured toforward the 5G-freshness parameter to the user equipment via a radioaccess network of the source 5G wireless communication system, such asvia a gNB.

In an embodiment, the key management arrangement is configured toreceive a Relocation Response message comprising the 4G-freshnessparameter from the core network of the target 4G wireless communicationsystem.

In an embodiment, the key management arrangement is configured toforward a Handover Command comprising the 5G-freshness parameter to theuser equipment. In a particular embodiment, the Handover Commandoptionally comprises the 4G-freshness parameter.

Another aspect of the embodiments relates to a key managementarrangement. The key management arrangement is configured to receive,from a core network of a source 5G wireless communication system, suchas NGS, a first 4G-master key, such as 4G-master key′, derived based oni) a 5G key, such as K_(SEAF), K_(MMF), K_(CN), K_(CN-MM) or K_(AMF),available at the core network of the source 5G wireless communicationsystem and a user equipment to be handed over from the source 5Gwireless communication system to a target 4G wireless communicationsystem, and ii) a 5G-freshness parameter. The key management arrangementis also configured to derive a second 4G-master key, such as 4G-masterkey″, based on the first 4G-master key and a 4G-freshness parameter.

The key management arrangement thereby enables the user equipment tocommunicate securely with a radio access network of the target 4Gwireless communication system using the second 4G-master key or the key,such as K_(eNB), K_(UPint), K_(UPenc), K_(RRCint), and/or K_(RRcenc),derived based on the second 4G-master key and/or communicate securelywith the core network of the target 4G wireless communication systemusing the second 4G-master key or the key, such as K_(NAsint) and/orK_(NAsenc), derived based on the second 4G-master key.

The network device may be any device located in connection with the 4Gwireless communication system, including the core network of the 4Gwireless communication system. The term network device may alsoencompass computer-based network devices, such as cloud-based networkdevices for implementation in cloud-based environments. The network nodemay by any network node in the 4G wireless communication system, inparticular a network node in the core network.

The key management arrangement may be implemented in or constitute apart of a mobility management arrangement. For instance, the keymanagement arrangement could constitute or form part of a MME entity. Ineither case, the key management arrangement or the mobility managementarrangement is preferably implemented in a network unit suitable foroperation in connection with the 4G wireless communication system. Thenetwork unit could be, but is not limited to, a network device or anetwork node. In a particular embodiment, the key management arrangementor the mobility management arrangement is comprised in a core networknode or distributed among multiple core network nodes of the 4G wirelesscommunication system.

In an embodiment, the key management arrangement is configured togenerate the 4G-freshness parameter based on reception of the first4G-master key.

In an embodiment, the key management arrangement is configured toderive, calculate or generate a 256-bit 4G-master key based on the first4G-master key and the 4G-freshness parameter.

In an embodiment, the key management arrangement is configured toderive, calculate or generate the second 4G-master key by a key derivingfunction based on the first 4G-master key and the 4G-freshnessparameter. In a particular embodiment, the key management arrangement isconfigured to derive, calculate or generate the second 4G-master key bya key deriving function based on the first 4G-master key and aconcatenation of a FC number and the 4G-freshness parameter.

In an embodiment, the key management arrangement is configured toreceive, from the core network of the source 5G wireless communicationsystem, a Relocation Request message comprising the first 4G-master key.

In an embodiment, the key management arrangement is configured toforward the second 4G-master key or a key, such as K_(eNB), K_(UPint),K_(UPenc), K_(RRCint), and/or K_(RRcenc), derived from the second4G-master key to a radio access network of the target 4G wirelesscommunication system.

In another embodiment, the key management arrangement is configured toforward the second 4G-master key or a key, such as K_(eNB), K_(UPint),K_(UPenc), K_(RRCint), and/or K_(RRCenc), derived from the second4G-master key and the 4G-freshness parameter to a radio access networkof the target 4G wireless communication system.

In a particular embodiment, the key management arrangement is configuredto forward a Handover Request message comprising the key derived fromthe second 4G-master key and optionally the 4G-freshness parameter tothe radio access network of the target 4G wireless communication system.

In another particular embodiment, the key management arrangement isconfigured to receive a Handover Request Acknowledgment comprising the4G-freshness parameter from the radio access network of the target 4Gwireless communication system.

In an embodiment, the key management arrangement is configured toforward the 4G-freshness parameter to the user equipment.

A further aspect of the embodiments relates to a key managementarrangement. In an embodiment, the key management arrangement isconfigured to derive a first 4G-master key, such as 4G-master key′,based on i) a 5G key, such as K_(SEAF), K_(MMF), K_(CN), K_(CN-MM),K_(AMF), available at a user equipment to be handed over from a source5G wireless communication system, such as NGS, to a target 4G wirelesscommunication system, such as EPS/LTE, and a core network of the source5G wireless communication system, and ii) a 5G-freshness parameteroriginating from the core network of the source 5G wirelesscommunication system. The key management arrangement is also configuredto derive a second 4G-master key, such as 4G-master key″, based on thefirst 4G-master key and a 4G-freshness parameter available at a corenetwork of the target 4G wireless communication system.

The key management arrangement thereby enables the user equipment tocommunicate securely with a radio access network of the target 4Gwireless communication system using the second 4G-master key or a key,such as K_(eNB), K_(UPint), K_(UPenc), K_(RRCint), and/or K_(RRCenc),derived based on the second 4G-master key and/or communicate securelywith a core network of the target 4G wireless communication system usingthe second 4G-master key or a key, such as K_(NAsint) and/or K_(NAsenc),derived based on the second 4G-master key.

The key management arrangement may be implemented in or constitute apart of a mobility management arrangement. In either case, the keymanagement arrangement or the mobility management arrangement ispreferably implemented in the user equipment.

User Equipment (UE) may refer to a mobile phone, a cellular phone, asmart phone, a Personal Digital Assistant (PDA) equipped with radiocommunication capabilities, a laptop or Personal Computer (PC) equippedwith an internal or external mobile broadband modem, a tablet with radiocommunication capabilities, a target device, a device to device UE, amachine type UE or UE capable of machine to machine communication,Customer Premises Equipment (CPE), Laptop Embedded Equipment (LEE),Laptop Mounted Equipment (LME), USB dongle, a portable electronic radiocommunication device, a sensor device equipped with radio communicationcapabilities or the like. In particular, the term user equipment shouldbe interpreted as non-limiting terms comprising any type of wirelessdevice communicating with a network node in a wireless communicationsystem. In other words, a wireless communication device may be anydevice equipped with circuitry for wireless communication in 5G and 4Gwireless communication systems, such as NGS and EPS/LTE.

In an embodiment, the key management arrangement is configured toderive, calculate or generate the first 4G-master key by a key derivingfunction based on the 5G key and the 5G-freshness parameter. In aparticular embodiment, the key management arrangement is configured toderive, calculate or generate the first 4G-master key by a key derivingfunction based on the 5G key and a concatenation of a FC number and the5G-freshness parameter.

In an embodiment, the key management arrangement is configured toderive, calculate or generate the first 4G-master key based on K_(SEAF)and the 5G-freshness parameter.

In an embodiment, the key management arrangement is configured toderive, calculate or generate the first 4G-master key based on K_(AMF)and the 5G-freshness parameter.

In an embodiment, the key management arrangement is configured toderive, calculate or generate the first 4G-master key based on K_(MMF)and the 5G-freshness parameter.

In an embodiment, the key management arrangement is configured toderive, calculate or generate the first 4G-master key based on K_(CN)and the 5G-freshness parameter.

In an embodiment, the key management arrangement is configured toderive, calculate or generate the first 4G-master key based on K_(CN-MM)and the 5G-freshness parameter.

In an embodiment, the key management arrangement is configured toderive, calculate or generate a 256-bit 4G-master key based on the 5Gkey and the 5G-freshness parameter.

In an embodiment, the key management arrangement is configured toderive, calculate or generate the second 4G-master key by a key derivingfunction based on the first 4G-master key and the 4G-freshnessparameter. In a particular embodiment, the key management arrangement isconfigured to derive, calculate or generate the second 4G-master key bya key deriving function based on the first 4G-master key and aconcatenation of a FC number and the 4G-freshness parameter.

In an embodiment, the key management arrangement is configured toderive, calculate or generate a 256-bit 4G-master key based on the first4G-master key and the 4G-freshness parameter.

In an embodiment, the key management arrangement is configured toreceive the 5G-freshness parameter from a radio access network of thesource 5G wireless communication system, such as from a gNB. In anotherembodiment, the key management arrangement is configured to receive the5G-freshness parameter and the 4G-freshness parameter from a radioaccess network of the source 5G wireless communication system, such asfrom a gNB.

In a particular embodiment, the key management arrangement is configuredto receive a Handover Command comprising the 5G-freshness parameter andoptionally the 4G-freshness parameter.

In an embodiment, the key management arrangement is configured toprovide the 4G-freshness parameter from a storage at the user equipment.

In an embodiment, the key management arrangement is configured to deriveat least one NAS key, such as K_(NAsint) and/or K_(NAsenc), based on thesecond 4G-master key.

In an embodiment, the key management arrangement is configured to deriveK_(eNB) based on the second 4G-master key. In an optional embodiment,the key management arrangement is configured to derive at least one ofK_(UPint), K_(UPenc), K_(RRCint), and K_(RRcenc) based on the K_(eNB)derived from or being the second 4G-master key.

It will be appreciated that the methods and arrangements describedherein can be implemented, combined and re-arranged in a variety ofways.

For example, embodiments may be implemented in hardware, or in softwarefor execution by suitable processing circuitry, or a combinationthereof.

The steps, functions, procedures, modules and/or blocks described hereinmay be implemented in hardware using any conventional technology, suchas discrete circuit or integrated circuit technology, including bothgeneral-purpose electronic circuitry and application-specific circuitry.

Alternatively, or as a complement, at least some of the steps,functions, procedures, modules and/or blocks described herein may beimplemented in software such as a computer program for execution bysuitable processing circuitry such as one or more processors orprocessing units.

Examples of processing circuitry includes, but is not limited to, one ormore microprocessors, one or more Digital Signal Processors (DSPs), oneor more Central Processing Units (CPUs), video acceleration hardware,and/or any suitable programmable logic circuitry such as one or moreField Programmable Gate Arrays (FPGAs), or one or more ProgrammableLogic Controllers (PLCs).

It should also be understood that it may be possible to re-use thegeneral processing capabilities of any conventional device or unit inwhich the proposed technology is implemented. It may also be possible tore-use existing software, e.g. by reprogramming of the existing softwareor by adding new software components.

FIG. 11 is a schematic block diagram illustrating an example of a keymanagement arrangement 100 based on a processor-memory implementationaccording to an embodiment. In this particular example, the keymanagement arrangement 100 comprises a processor 101 and a memory 102.The memory 102 comprises instructions executable by the processor 102,whereby the processor is operative to perform the functions describedherein.

Optionally, the key management arrangement 100 may also include acommunication circuit 103. The communication circuit 103 may includefunctions for wired and/or wireless communication with other devicesand/or network nodes in the wireless communication system. In aparticular example, the communication circuit 103 may be based on radiocircuitry for communication with one or more other nodes, includingtransmitting and/or receiving information. The communication circuit 103may be interconnected to the processor 101 and/or memory 102. By way ofexample, the communication circuit 103 may include any of the following:a receiver, a transmitter, a transceiver, input/output (I/O) circuitry,input port(s) and/or output port(s).

FIG. 12 is a schematic block diagram illustrating another example of akey management arrangement 110 based on a hardware circuitryimplementation according to an embodiment. Particular examples ofsuitable hardware circuitry include one or more suitably configured orpossibly reconfigurable electronic circuitry, e.g., Application SpecificIntegrated Circuits (ASICs), FPGAs, or any other hardware logic such ascircuits based on discrete logic gates and/or flip-flops interconnectedto perform specialized functions in connection with suitable registers(REG), and/or memory units (MEM).

FIG. 13 is a schematic block diagram illustrating yet another example ofa key management arrangement 120 based on combination of bothprocessor(s) 122, 123 and hardware circuitry 124, 125 in connection withsuitable memory unit(s) 121. The key management arrangement 120comprises one or more processors 122, 123, memory 121 including storagefor software (SW) and data, and one or more units of hardware circuitry124, 125. The overall functionality is thus partitioned betweenprogrammed software for execution on one or more processors 122, 123,and one or more pre-configured or possibly reconfigurable hardwarecircuits 124, 125. The actual hardware-software partitioning can bedecided by a system designer based on a number of factors includingprocessing speed, cost of implementation and other requirements.

FIG. 14 is a schematic diagram illustrating an example of acomputer-implementation 200 according to an embodiment. In thisparticular example, at least some of the steps, functions, procedures,modules and/or blocks described herein are implemented in a computerprogram 240, which is loaded into the memory 220 for execution byprocessing circuitry including one or more processors 210. Theprocessor(s) 210 and memory 220 are interconnected to each other toenable normal software execution. An optional input/output (I/O) device230 may also be interconnected to the processor(s) 210 and/or the memory20 to enable input and/or output of relevant data, such as4G/5G-freshness parameter(s) and/or 4G-master key′.

The term ‘processor’ should be interpreted in a general sense as anysystem or device capable of executing program code or computer programinstructions to perform a particular processing, determining orcomputing task.

The processing circuitry including one or more processors 210 is thusconfigured to perform, when executing a computer program 240,well-defined processing tasks such as those described herein.

The processing circuitry does not have to be dedicated to only executethe above-described steps, functions, procedure and/or blocks, but mayalso execute other tasks.

In an embodiment, the computer program 240 comprises instructions, whichwhen executed by at least one processor 210, cause the at least oneprocessor 210 to perform the actions described herein.

In a particular embodiment, the computer program 240 comprisesinstructions, which when executed by at least one processor 210, causethe at least one processor 210 to derive a first 4G-master key, such as4G-master key′, based on i) a 5G key, such as K_(SEAF), K_(MMF), K_(CN),K_(CN-MM) or K_(AMF), available at a core network of a source 5Gwireless communication system and a user equipment to be handed overfrom the source 5G wireless communication system to a target 4G wirelesscommunication system, and ii) a 5G-freshness parameter.

In an optional embodiment, the at least one processor 210 is also causedto provide the first 4G-master key for transmission to a core network ofthe target 4G wireless communication system for enabling deriving asecond 4G-master key, such as 4G-master key″, based on the first4G-master key and a 4G-freshness parameter. In this embodiment, the atleast one processor 210 is further caused to provide the 5G-freshnessparameter for transmission to the user equipment for enabling derivingthe first 4G-master key based on the 5G key and the 5G-freshnessparameter and deriving the second 4G-master key based on the first4G-master key and the 4G-freshness parameter.

In another particular embodiment, the computer program 240 comprisesinstructions, which when executed by at least one processor 210, causethe at least one processor 210 to derive a second 4G-master key, such as4G-master key″, based on a 4G-freshness parameter and a first 4G-masterkey, such as 4G-master key′, originating from a core network of a source5G wireless communication system, such as NGS, and derived based on a i)5G key, such as K_(SEAF), K_(MMF), K_(CN), K_(CN-MM) or K_(AMF),available at the core network of the source 5G wireless communicationsystem and a user equipment to be handed over from the source 5Gwireless communication system to a target 4G wireless communicationsystem, and ii) a 5G-freshness parameter.

In a further embodiment, the computer program 240 comprisesinstructions, which when executed by at least one processor 210, causethe at least one processor 210 to derive a first 4G-master key, such as4G-master key′, based on i) a 5G key, such as K_(SEAF), K_(MMF), K_(CN),K_(CN-MM), K_(AMF), available at a user equipment to be handed over froma source 5G wireless communication system, such as NGS, to a target 4Gwireless communication system, such as EPS/LTE, and a core network ofthe source 5G wireless communication system, and ii) a 5G-freshnessparameter originating from the core network of the source 5G wirelesscommunication system. The at least one processor 210 is also caused toderive a second 4G-master key, such as 4G-master key″, based on thefirst 4G-master key and a 4G-freshness parameter available at a corenetwork of the target 4G wireless communication system.

According to yet another aspect, there is provided a computer programproduct comprising a computer-readable medium in which a computerprogram 240 of the above is stored.

The proposed technology also provides a carrier 250 comprising thecomputer program 240, wherein the carrier 250 is one of an electronicsignal, an optical signal, an electromagnetic signal, a magnetic signal,an electric signal, a radio signal, a microwave signal, or acomputer-readable storage medium.

By way of example, the software or computer program 240 may be realizedas a computer program product, which is normally carried or stored on acomputer-readable medium 250, in particular a non-volatile medium. Thecomputer-readable medium may include one or more removable ornon-removable memory devices including, but not limited to a Read-OnlyMemory (ROM), a Random Access Memory (RAM), a Compact Disc (CD), aDigital Versatile Disc (DVD), a Blu-ray disc, a Universal Serial Bus(USB) memory, a Hard Disk Drive (HDD) storage device, a flash memory, amagnetic tape, or any other conventional memory device. The computerprogram 240 may thus be loaded into the operating memory 220 of acomputer or equivalent processing device for execution by the processingcircuitry 210 thereof.

The method steps presented herein may be regarded as a computerprocesses, when performed by one or more processors. A corresponding keyarrangement apparatus may be defined as a group of function modules,where each step performed by the processor corresponds to a functionmodule. In this case, the function modules are implemented as a computerprogram running on the processor.

The computer program residing in memory may thus be organized asappropriate function modules configured to perform, when executed by theprocessor, at least part of the steps and/or tasks described herein.

FIG. 15 is a schematic diagram illustrating an example of a keymanagement arrangement 130 according to an embodiment. The keymanagement arrangement 130 comprises a key deriving module 131 forderiving a first 4G-master key, such as 4G-master key′, based on a i) 5Gkey, such as K_(SEAF), K_(MMF), K_(CN), K_(CN-MM) or K_(AMF), availableat a core network of a source 5G wireless communication system and auser equipment to be handed over from the source 5G wirelesscommunication system to a target 4G wireless communication system, andii) a 5G-freshness parameter In an optional embodiment, the keymanagement arrangement 130 comprises a key providing module 132 forproviding the first 4G-master key for transmission to a core network ofthe target 4G wireless communication system for enabling deriving asecond 4G-master key, such as 4G-master key″, based on the first4G-master key and a 4G-freshness parameter. In this embodiment, or in analternative embodiment, the key management arrangement 131 optionallyalso comprises a parameter providing module 133 for providing the5G-freshness parameter for transmission to the user equipment forenabling deriving the first 4G-master key based on the 5G key and the5G-freshness parameter and deriving the second 4G-master key based onthe first 4G-master key and the 4G-freshness parameter.

FIG. 16 is a schematic diagram illustrating an example of a keymanagement arrangement 140 according to an embodiment. The keymanagement arrangement 140 comprises a key deriving module 141 forderiving a second 4G-master key, such as 4G-master key″, based on a4G-freshness parameter and a first 4G-master key, such as 4G-masterkey′, originating from a core network of a source 5G wirelesscommunication system, such as NGS, and derived based on i) a 5G key,such as K_(SEAF), K_(MMF), K_(CN), K_(CN)-MM or K_(AMF), available atthe core network of the source 5G wireless communication system and auser equipment to be handed over from the source 5G wirelesscommunication system to a target 4G wireless communication system, andii) a 5G-freshness parameter.

FIG. 17 is a schematic diagram illustrating an example of a keymanagement arrangement 150 according to an embodiment. The keymanagement arrangement 150 comprises a first key deriving module 151 forderiving a first 4G-master key, such as 4G-master key′, based on i) a 5Gkey, such as K_(SEAF), K_(MMF), K_(CN), K_(CN-MM), K_(AMF), available ata user equipment to be handed over from a source 5G wirelesscommunication system, such as NGS, to a target 4G wireless communicationsystem, such as EPS/LTE, and a core network of the source 5G wirelesscommunication system, and ii) a 5G-freshness parameter originating fromthe core network of the source 5G wireless communication system. The keymanagement arrangement 150 also comprises a second key deriving module152 for deriving a second 4G-master key, such as 4G-master key″, basedon the first 4G-master key and a 4G-freshness parameter available at acore network of the target 4G wireless communication system.

The proposed technology is generally applicable to management ofsecurity contexts in wireless communications. The proposed technologymay be applied to many specific applications and communication scenariosincluding secure communication within wireless networks, securelyproviding various services within such networks, including so-calledOver-the-Top (OTT) services. For example, the proposed technology mayprovide the underlying security context(s) for secure communication, andenables and/or includes transfer and/or transmission and/or reception ofrelevant user data and/or control data in wireless communications.

A particular embodiment relates to a method, performed by a wirelessdevice, such as UE, further involving providing user data, andforwarding the user data to a host computer via the transmission to anetwork node.

Another particular embodiment relates to a corresponding wirelessdevice, such as UE, comprising processing circuitry configured toperform any of the steps of such a method.

A further particular embodiment relates to a method, performed by anetwork node, such as a base station, further involving obtaining userdata, and forwarding the user data to a host computer or a wirelessdevice.

Another particular embodiment relates to a corresponding network node,such as a base station, comprising processing circuitry configured toperform any of the steps of such a method.

Yet another particular embodiment relates to a correspondingcommunication system including a host computer and/or wireless deviceand/or a network node.

It is also becoming increasingly popular to provide computing services(hardware and/or software) in network devices, such as network nodesand/or servers where the resources are delivered as a service to remotelocations over a network. By way of example, this means thatfunctionality, as described herein, can be distributed or re-located toone or more separate physical nodes or servers. The functionality may bere-located or distributed to one or more jointly acting physical and/orvirtual machines that can be positioned in separate physical node(s),i.e., in the so-called cloud. This is sometimes also referred to ascloud computing, which is a model for enabling ubiquitous on-demandnetwork access to a pool of configurable computing resources such asnetworks, servers, storage, applications and general or customizedservices.

There are different forms of virtualization that can be useful in thiscontext, including one or more of:

-   -   Consolidation of network functionality into virtualized software        running on customized or generic hardware. This is sometimes        referred to as network function virtualization.    -   Co-location of one or more application stacks, including        operating system, running on separate hardware onto a single        hardware platform. This is sometimes referred to as system        virtualization, or platform virtualization.    -   Co-location of hardware and/or software resources with the        objective of using some advanced domain level scheduling and        coordination technique to gain increased system resource        utilization. This is sometimes referred to as resource        virtualization, or centralized and coordinated resource pooling.

Although it may often desirable to centralize functionality in so-calledgeneric data centres, in other scenarios it may in fact be beneficial todistribute functionality over different parts of the network.

A network device may generally be seen as an electronic device beingcommunicatively connected to other electronic devices in the network. Byway of example, the network device may be implemented in hardware,software or a combination thereof. For example, the network device maybe a special-purpose network device or a general purpose network device,or a hybrid thereof.

A special-purpose network device may use custom processing circuits anda proprietary operating system (OS), for execution of software toprovide one or more of the features or functions disclosed herein.

A general purpose network device may use common off-the-shelf (COTS)processors and a standard OS, for execution of software configured toprovide one or more of the features or functions disclosed herein.

By way of example, a special-purpose network device may include hardwarecomprising processing or computing resource(s), which typically includea set of one or more processors, and physical network interfaces (N Is),which sometimes are called physical ports, as well as non-transitorymachine readable storage media having stored thereon software. Aphysical NI may be seen as hardware in a network device through which anetwork connection is made, e.g. wirelessly through a wireless networkinterface controller (WNIC) or through plugging in a cable to a physicalport connected to a network interface controller (NIC). Duringoperation, the software may be executed by the hardware to instantiate aset of one or more software instance(s). Each of the softwareinstance(s), and that part of the hardware that executes that softwareinstance, may form a separate virtual network element.

By way of another example, a general purpose network device may, forexample, include hardware comprising a set of one or more processor(s),often COTS processors, and network interface controller(s) (NICs), aswell as non-transitory machine readable storage media having storedthereon software. During operation, the processor(s) executes thesoftware to instantiate one or more sets of one or more applications.While one embodiment does not implement virtualization, alternativeembodiments may use different forms of virtualization—for examplerepresented by a virtualization layer and software containers. Forexample, one such alternative embodiment implements operatingsystem-level virtualization, in which case the virtualization layerrepresents the kernel of an operating system, or a shim executing on abase operating system, that allows for the creation of multiple softwarecontainers that may each be used to execute one of a sets ofapplications. In an example embodiment, each of the software containers,also called virtualization engines, virtual private servers, or jails,is a user space instance, typically a virtual memory space. These userspace instances may be separate from each other and separate from thekernel space in which the operating system is executed; the set ofapplications running in a given user space, unless explicitly allowed,cannot access the memory of the other processes. Another suchalternative embodiment implements full virtualization, in which case: 1)the virtualization layer represents a hypervisor, sometimes referred toas a Virtual Machine Monitor (VMM), or the hypervisor is executed on topof a host operating system; and 2) the software containers eachrepresent a tightly isolated form of software container called a virtualmachine that is executed by the hypervisor and may include a guestoperating system.

A hypervisor is the software/hardware that is responsible for creatingand managing the various virtualized instances and in some cases theactual physical hardware. The hypervisor manages the underlyingresources and presents them as virtualized instances. What thehypervisor virtualizes to appear as a single processor may actuallycomprise multiple separate processors. From the perspective of theoperating system, the virtualized instances appear to be actual hardwarecomponents.

A virtual machine is a software implementation of a physical machinethat runs programs as if they were executing on a physical,non-virtualized machine; and applications generally do not know they arerunning on a virtual machine as opposed to running on a “bare metal”host electronic device, though some systems provide para-virtualizationwhich allows an operating system or application to be aware of thepresence of virtualization for optimization purposes.

The instantiation of the one or more sets of one or more applications aswell as the virtualization layer and software containers if implemented,are collectively referred to as software instance(s). Each set ofapplications, corresponding software container if implemented, and thatpart of the hardware that executes them (be it hardware dedicated tothat execution and/or time slices of hardware temporally shared bysoftware containers), forms a separate virtual network element(s).

The virtual network element(s) may perform similar functionalitycompared to Virtual Network Element(s) (VNEs). This virtualization ofthe hardware is sometimes referred to as Network Function Virtualization(NFV)). Thus, NFV may be used to consolidate many network equipmenttypes onto industry standard high volume server hardware, physicalswitches, and physical storage, which could be located in data centers,NDs, and Customer Premise Equipment (CPE). However, differentembodiments may implement one or more of the software container(s)differently. For example, while embodiments are illustrated with eachsoftware container corresponding to a VNE, alternative embodiments mayimplement this correspondence or mapping between software container-VNEat a finer granularity level; it should be understood that thetechniques described herein with reference to a correspondence ofsoftware containers to VNEs also apply to embodiments where such a finerlevel of granularity is used.

According to yet another embodiment, there is provided a hybrid networkdevice, which includes both custom processing circuitry/proprietary OSand COTS processors/standard OS in a network device, e.g. in a card orcircuit board within a network device ND. In certain embodiments of sucha hybrid network device, a platform Virtual Machine (VM), such as a VMthat implements functionality of a special-purpose network device, couldprovide for para-virtualization to the hardware present in the hybridnetwork device.

FIG. 18 is a schematic diagram illustrating an example of howfunctionality can be distributed or partitioned between differentnetwork devices in a general case. In this example, there are at leasttwo individual, but interconnected network devices 300, 301, which mayhave different functionalities, or parts of the same functionality,partitioned between the network devices 300, 301. There may beadditional network devices 302 being part of such a distributedimplementation. The network devices 300, 301, 302 may be part of thesame wireless or wired communication system, or one or more of thenetwork devices may be so-called cloud-based network devices locatedoutside of the wireless or wired communication system.

The embodiments described above are to be understood as a fewillustrative examples of the present invention. It will be understood bythose skilled in the art that various modifications, combinations andchanges may be made to the embodiments without departing from the scopeof the present invention. In particular, different part solutions in thedifferent embodiments can be combined in other configurations, wheretechnically possible.

The invention claimed is:
 1. A key management method in connection withhandover of a user equipment from a source wireless communication systemto a target wireless communication system, the method comprises:deriving a first 4G-master key based on a 5G key, K_(AMF), available atan Access and Mobility management Function (AMF) constituting a corenetwork node supporting mobility management of a source 5G wirelesscommunication system, and on a 5G-freshness parameter; forwarding thefirst 4G-master key to a target mobility managing entity (MME) of atarget 4G wireless communication system for enabling deriving a second4G-master key based on the first 4G-master key and a 4G-freshnessparameter; and forwarding the 5G-freshness parameter to the userequipment for enabling deriving the first 4G-master key based on the 5Gkey, K_(AMF), and the 5G-freshness parameter and deriving the second4G-master key based on the first 4G-master key and the 4G-freshnessparameter.
 2. The method of claim 1, further comprising generating the5G-freshness parameter based on reception of a notification messageindicating that handover is required from a radio access network (RAN)of the source 5G wireless communication system.
 3. The method of claim1, wherein forwarding the first 4G-master key to the core network of thetarget 4G wireless communication system comprises forwarding aRelocation Request message comprising the first 4G-master key to thecore network of the target 4G wireless communication system.
 4. Themethod of claim 1, wherein forwarding the 5G-freshness parameter to theuser equipment comprises forwarding a 5G NAS downlink count value to theuser equipment via a radio access network of the source 5G wirelesscommunication system.
 5. The method of claim 1, further comprisingreceiving a Relocation Response message comprising the 4G-freshnessparameter from the core network of the target 4G wireless communicationsystem, wherein forwarding the 5G-freshness parameter to the userequipment comprises forwarding a Handover Command comprising the5G-freshness parameter and the 4G-freshness parameter to the userequipment.
 6. A key management method in connection with handover of auser equipment from a source wireless communication system to a targetwireless communication system, the method comprising: receiving, at acore network of a target 4G wireless communication system and from acore network of a source 5G wireless communication system, a first4G-master key derived based on i) a 5G key available at the core networkof the source 5G wireless communication system, and at the userequipment, and ii) a 5G-freshness parameter; generating a 4G-freshnessparameter based on reception of the first 4G-master key; and a mobilitymanaging entity (MME) of the core network of the target 4G wirelesscommunication system deriving a second 4G-master key based on the first4G-master key and the 4G-freshness parameter.
 7. The method of claim 6,wherein receiving the first 4G-master key comprises receiving, from thecore network of the source 5G wireless communication system, aRelocation Request message comprising the first 4G-master key.
 8. Themethod of claim 6, further comprising forwarding the second 4G-masterkey or a key derived from the second 4G-master key to a radio accessnetwork of the target 4G wireless communication system to enable theuser equipment to communicate securely with the radio access network ofthe target 4G wireless communication system using the second 4G-masterkey or the key derived based on the second 4G-master key.
 9. The methodof claim 6, further comprising forwarding the 4G-freshness parameter tothe user equipment via the core network and a radio access network ofthe source 5G wireless communication system.
 10. A key management methodin connection with handover of a user equipment from a source 5Gwireless communication system to a target 4G wireless communicationsystem, the method comprises: deriving a first 4G-master key based on i)a 5G key (K_(AMF)) available at the user equipment and at an Access andMobility management Function (AMF) constituting a core network nodesupporting mobility management in the source 5G wireless communicationsystem and ii) a 5G-freshness parameter originating from a core networkof the source 5G wireless communication system; and deriving a second4G-master key based on the first 4G-master key and a 4G-freshnessparameter available at a core network node of the target 4G wirelesscommunication system.
 11. The method of claim 10, further comprisingreceiving the 4G-freshness parameter from the radio access network ofthe source 5G wireless communication system, or providing the4G-freshness parameter from a storage at the user equipment.
 12. Themethod of claim 10, further comprising deriving at least one non-accessstratum (NAS) key based on the second 4G-master key.
 13. The method ofclaim 10, wherein the user equipment is in a connected state to thesource 5G wireless communication system.
 14. A key managementarrangement configured to: derive a first 4G-master key based on i) a 5Gkey, K_(AMF), available at an Access and Mobility management Function(AMF) constituting a core network node supporting mobility management ina source 5G wireless communication system, and at a user equipment to behanded over from the source 5G wireless communication system to a target4G wireless communication system, and ii) a 5G-freshness parameter;forward the first 4G-master key to a target mobility managing entity(MME) of the target 4G wireless communication system for enablingderiving a second 4G-master key based on the first 4G-master key and a4G-freshness parameter; and forward the 5G-freshness parameter to theuser equipment for enabling deriving the first 4G-master key based onthe 5G key, K_(AMF), and the 5G-freshness parameter and deriving thesecond 4G-master key based on the first 4G-master key and the4G-freshness parameter.
 15. The key management arrangement of claim 14,wherein the key management arrangement is configured to generate the5G-freshness parameter based on reception of notification messageindicating that handover is required.
 16. The key management arrangementof claim 14, wherein the key management arrangement is configured to:receive a Relocation Response message comprising the 4G-freshnessparameter from the core network of the target 4G wireless communicationsystem; and forward a Handover Command comprising the 5G-freshnessparameter and the 4G-freshness parameter to the user equipment.
 17. Thekey management arrangement of claim 14, comprising: a processor; and amemory comprising instructions executable by the processor, wherein theprocessor is operative to: derive the first 4G-master key based on i)the 5G key and ii) the 5G-freshness parameter; forward the first4G-master key to the core network of the target 4G wirelesscommunication system; and forward the 5G-freshness parameter to the userequipment.
 18. A network unit comprising a mobility managementarrangement, wherein the mobility management arrangement comprises orconstitutes the key management arrangement of claim
 14. 19. A keymanagement arrangement configured to: receive, from a core network of asource 5G wireless communication system, a first 4G-master key derivedbased on i) a 5G key, K_(AMF), available at the core network of thesource 5G wireless communication system, and at a user equipment to behanded over from the source 5G wireless communication system to a target4G wireless communication system, and ii) a 5G-freshness parameter;generate a 4G-freshness parameter based on reception of the first4G-master key, and derive a second 4G-master key based on the first4G-master key and the 4G-freshness parameter.
 20. The key managementarrangement of claim 19, wherein the key management arrangement isconfigured to forward the second 4G-master key or a key derived from thesecond 4G-master key to a radio access network of the target 4G wirelesscommunication system to enable the user equipment to communicatesecurely with the radio access network of the target 4G wirelesscommunication system using the second 4G-master key or the key derivedbased on the second 4G-master key.
 21. The key management arrangement ofclaim 19, wherein the key management arrangement is configured toforward the 4G-freshness parameter to the user equipment.
 22. The keymanagement arrangement of claim 19, comprising: a processor; and amemory comprising instructions executable by the processor, wherein theprocessor is operative to: receive the first 4G-master key; and derivethe second 4G-master key.
 23. A key management arrangement configuredto: derive a first 4G-master key based on i) a 5G key K_(AMF) availableat a user equipment to be handed over from a source 5G wirelesscommunication system to a target 4G wireless communication system, andat an Access and Mobility management Function (AMF) constituting a corenetwork node supporting mobility management in a source 5G wirelesscommunication system, and ii) a 5G-freshness parameter originating fromthe core network of the source 5G wireless communication system; andderive a second 4G-master key based on the first 4G-master key and a4G-freshness parameter available at a core network of the target 4Gwireless communication system.
 24. The key management arrangement ofclaim 23, wherein the key management arrangement is configured toreceive the 5G-freshness parameter from a radio access network of thesource 5G wireless communication system.
 25. The key managementarrangement of claim 24, wherein the key management arrangement isconfigured to receive the 4G-freshness parameter from a radio accessnetwork of the source 5G wireless communication system or from a storageat the user equipment.
 26. The key management arrangement of claim 23,comprising: a processor; and a memory comprising instructions executableby the processor, wherein the processor is operative to: derive thefirst 4G-master key; and derive the second 4G-master key.